UI access controls ― move to plugins, let admins pick service

[nhoening]

A server which runs multiple services should not show all services at once. This mostly concerns the menu.

Note that this PR does not implement authorization, but access routing. Also note that specific frontend UIs (e.g. for one plugin in particular) don't need this. This is for our use of Jinja2 directly on FlexMeasures.

• For now we had added several config settings for plugins to control the menu and their landing page, but this is a clumsy solution. Plugins with UI components (i.e. user-facing services) need to define some meta data like this:

__service_ui__ = {
    menu_items = [
        {name="", path="", icon=""}
    ],
    landing_page=""
}

• In addition, it makes sense that a plugin can determine a role which can be used to limit access. E.g. __access_role__ = "MyPlugin-subscriber" (this can also be used when using @account_roles_required on endpoints).
• When the FlexMeasures UI builds the menu, it finds a list of menu items as well as a landing page for the current user. This can be done by looking for __access_role__.
• A user who can access multiple of such services (e.g. admins) should have a service_ui setting in their session to identify which one they get to see.
• If not, they get routed to a simple selection dashboard, to click on a service. The view behind this sets the session variable and reroutes to the pugin's landing page.
• Service switching should be supported in the menu, routing to the aforementioned simple service selection & rerouting view.